Share Blog post
Hackers are circulating a fake WhatsApp app, dubbed WhatsApp Plus, on the web. This malicious app is a variant of Android/PUP.Riskware.Wtaspin.GB, a fake WhatsApp riskware. The app is capable of stealing sensitive information from the infected smartphone and also install malware. The APK file of the app is in circulation online via comments on blogs and forums.
NetSupport Manager RAT
LockCrypt ransomware cracked
Weakness in encryption in the LockCrypt ransomware has been identified by security researchers. The malware is spread via RDP brute-force attacks that must be manually installed. Since the hackers reused the buffer, their algorithm became vulnerable to a plain text attack.
Authentication bypass flaw in Auth0 Identity platform
An authentication bypass vulnerability has been discovered in identity-as-a-service platform Auth0. Exploiting this flaw would allow hackers to access any portal or application, which are using Auth0 service for authentication. The vulnerability has been mitigated as the affected libraries have been extensively rewritten. New versions of SDKs have also been released.
Vulnerability in Linux Beep Command
A local privilege escalation vulnerability has been discovered in beep, an advanced PC speaker beeper. Beep allows the calling user to trigger those side effects even if they are not authorized to do so. Users needn't worry, as this tool doesn't exist in most of the modern day processors.
Posted on: April 09, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.